Police could lawfully use bulk surveillance techniques to access messages from encrypted communications platforms such as WhatsApp and Signal, following a ruling by the UK’s Investigatory Powers Tribunal (IPT), a court has heard.
I’ve become convinced that Matrix should have been built on top of XMPP. They went out of their way to create a protocol from scratch when we already had XMPP available and well developed. This turned out to be much more difficult than they anticipated, and they’ve had to make drastic changes to the api, spec, and server over the years. Matrix will never be a stable, finished product because they aren’t even sure what that looks like. They can’t even stick with a name for crying out loud. Dendrite? Synapse? Pick one and put all your effort behind it.
The sifting sand base that Matrix is built on top of becomes really glatibg when you look at the clients and servers available for Matrix. Not one single third party app that I’m aware of implements every single feature offered by Element (the app). No other server is fully compliant with the API. And, Matrix is YET ANOTHER PROTOCOL that chat apps have to integrate with.
None of that is to mention that the VC for Matrix is about to run out. Either Riot/Matrix/Element/Whatever is going to sellout and enshittify, or they’re going to stop existing and the entire protocol will be dead in the water. XMPP doesn’t have this problem.
They should have built a beautiful XMPP app, slapped signal encryption on top, and called it a day.
They’ve said that they release the source code after it’s running in production:
sorry the source for one of our services was so far behind. We often don’t push source until we release things, and there were a few overlapping releases that happened in that period which made it awkward to push at any moment and put us behind. Additionally, we’ve seen a large increase in spam, and a reluctance to immediately publish the exact anti-spam measures we were responding with to a place where spammers could immediately see them combined with the above to cause this extreme delay.
That’d be irrelevant, because as long as only the clients hold the keys (which we can verify, as those are not only open source but also are under our control, meaning we can check that the upstream open source version is installed and no private keys are being exchanged) there’s no way anyone can read the messages, except the owner of the private key.
Especially with Signal being open source. What stops the official Signal company from advertising another fork?
“Gruyere Signal”
The server software is not open source.
Untrue. Stop spreading FUD: https://github.com/signalapp/Signal-Server
There’s a grain of truth in the claim: We don’t know for sure if the original open source version is actually running on the server.
Isn’t that true of all server side FOSS?
Yes. We just have to trust them. Or selfhost, which I’m doing with almost everything.
Man Signal would be the perfect messenger if it was defederated.
Why not use eg. Matrix then?
I’ve become convinced that Matrix should have been built on top of XMPP. They went out of their way to create a protocol from scratch when we already had XMPP available and well developed. This turned out to be much more difficult than they anticipated, and they’ve had to make drastic changes to the api, spec, and server over the years. Matrix will never be a stable, finished product because they aren’t even sure what that looks like. They can’t even stick with a name for crying out loud. Dendrite? Synapse? Pick one and put all your effort behind it.
The sifting sand base that Matrix is built on top of becomes really glatibg when you look at the clients and servers available for Matrix. Not one single third party app that I’m aware of implements every single feature offered by Element (the app). No other server is fully compliant with the API. And, Matrix is YET ANOTHER PROTOCOL that chat apps have to integrate with.
None of that is to mention that the VC for Matrix is about to run out. Either Riot/Matrix/Element/Whatever is going to sellout and enshittify, or they’re going to stop existing and the entire protocol will be dead in the water. XMPP doesn’t have this problem.
They should have built a beautiful XMPP app, slapped signal encryption on top, and called it a day.
They’ve said that they release the source code after it’s running in production:
https://github.com/signalapp/Signal-Android/issues/11101#issuecomment-815400676
In that case: They started publishing code AGAIN.
The server soft has been available, then not, and apparently now again.
That’d be irrelevant, because as long as only the clients hold the keys (which we can verify, as those are not only open source but also are under our control, meaning we can check that the upstream open source version is installed and no private keys are being exchanged) there’s no way anyone can read the messages, except the owner of the private key.
Messages - yes, but there is also metadata. When ALL communication goes through the same servers, it becomes kind of a problem.